Win32/Ganelp spreads via removable drives, uploads stolen information and downloads arbitrary files from remote FTP servers.
We have had detection signatures for this family for approximately 2 years and it continues to be prevalent, as seen in Figure 1.
What we do understand about the Ganelp malware family is that its intent is malicious. Ganelp variants are usually distributed online as fake Java updates. They use a folder icon to mimic a directory, and they disguise copies of themselves with existing folder names found on the infected machine.
For more details about this family of worms, please see the MMPC Encyclopedia description for Win32/Ganelp.
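The folder-name disguise described above lends itself to a simple triage check on a removable drive. The following is an added example, not code from the original post or from Microsoft: it flags executables whose base name matches a folder in the same directory. The extension list, the assumption that the copy sits beside the folder it imitates, and the sample file names are all assumptions made for the example.

```python
import os
import tempfile

# Assumption: extensions treated as executable. The post does not say
# which extension Ganelp copies use.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}


def find_folder_lookalikes(root):
    """Return sorted paths of executables named after a sibling folder."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Windows file names are case-insensitive, so compare lowercased.
        folder_names = {d.lower() for d in dirnames}
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() in EXECUTABLE_EXTS and stem.lower() in folder_names:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def build_sample_tree(root):
    """Constructed sample layout standing in for a removable drive."""
    for folder in ("Photos", "Reports", os.path.join("Reports", "2013")):
        os.makedirs(os.path.join(root, folder))
    for rel in ("Photos.exe", "setup.exe", "Reports.txt",
                os.path.join("Reports", "2013.SCR")):
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(b"constructed placeholder, not a real binary")


def demo():
    """Scan the constructed tree and return hits relative to its root."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return [os.path.relpath(p, root) for p in find_folder_lookalikes(root)]


if __name__ == "__main__":
    for path in demo():
        print("suspicious:", path)
```

A hit is only a lead for further inspection, since legitimate installers are sometimes named after the folder they sit next to.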